<?php
/**
 * Mini-projet 07 — CRUD Blog avec PDO (SQLite demo)
 * Démarrage : php -S localhost:8000 puis http://localhost:8000/solution.php
 *
 * MySQL : remplacer $pdo = new PDO("sqlite:$dbFile", null, null, [...]) par :
 * $pdo = new PDO('mysql:host=localhost;dbname=blog;charset=utf8mb4', $user, $pass, [...]);
 */
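// The session only carries the CSRF token; keep its cookie unreadable from
// scripts (HttpOnly) and off cross-site POSTs (SameSite=Lax) so the token
// check is not the sole line of defence.
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
]);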

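// ── PDO connection (SQLite demo) ───────────────────────────
try {
    // File-backed SQLite so rows survive between requests. NOTE: sys_get_temp_dir()
    // is shared with every local user; acceptable for a demo, but a real deployment
    // should keep the database file in a directory only the web server can write.
    $dbFile = sys_get_temp_dir() . '/php_blog_demo.sqlite';
    $pdo = new PDO("sqlite:$dbFile", null, null, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // failures throw instead of returning false
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepared statements
    ]);
    // Create the table on first run (IF NOT EXISTS makes this idempotent).
    // String literals use single quotes: in SQL, double quotes denote identifiers,
    // and "Anonyme" / "now" only worked thanks to a legacy SQLite fallback that
    // can be compiled out and that MySQL (ANSI_QUOTES) does not have at all.
    $pdo->exec(<<<'SQL'
        CREATE TABLE IF NOT EXISTS articles (
            id INTEGER PRIMARY KEY AUTOINCREMENT,
            titre TEXT NOT NULL,
            contenu TEXT NOT NULL,
            auteur TEXT DEFAULT 'Anonyme',
            publie INTEGER DEFAULT 0,
            created_at TEXT DEFAULT (datetime('now','localtime'))
        )
    SQL);
    // Seed demo rows only when the table is empty. fetchColumn() may return an int
    // or a numeric string depending on driver/PHP version, hence the cast + ===.
    if ((int) $pdo->query('SELECT COUNT(*) FROM articles')->fetchColumn() === 0) {
        $seed = $pdo->prepare('INSERT INTO articles (titre, contenu, auteur, publie) VALUES (?,?,?,?)');
        $demoRows = [
            ['Introduction à PDO', 'PDO (PHP Data Objects) est une couche d\'abstraction...', 'Alice', 1],
            ['Requêtes préparées', 'Les requêtes préparées protègent contre l\'injection SQL...', 'Bob', 1],
            ['Transactions MySQL', 'Une transaction garantit l\'atomicité des opérations...', 'Alice', 1],
            ['Brouillon en cours', 'Ce contenu n\'est pas encore prêt.', 'Bob', 0],
        ];
        foreach ($demoRows as $row) {
            $seed->execute($row);
        }
    }
} catch (PDOException $e) {
    // Keep the detail (paths, SQL) in the server log; the user sees a generic message.
    error_log($e->getMessage());
    die('Erreur de connexion.');
}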

// ── Repository ─────────────────────────────────────────────
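/**
 * Data access for the `articles` table.
 *
 * Every statement is prepared with bound values, so user-supplied text never
 * becomes part of the SQL string. Rows come back as associative arrays
 * (the connection is configured with PDO::FETCH_ASSOC).
 */
class ArticleRepo {
    public function __construct(private PDO $db) {}

    /**
     * Lists articles newest first, optionally filtered by a substring of the
     * title or body.
     *
     * @param string $search raw user text; the LIKE wildcards it may contain are
     *                       escaped so that "50%" only matches a literal "50%"
     * @return list<array<string, mixed>>
     */
    public function findAll(string $search = ''): array {
        if ($search === '') {
            return $this->db->query('SELECT * FROM articles ORDER BY id DESC')->fetchAll();
        }
        // '!' is declared as the LIKE escape character in the query itself: SQLite
        // has no default escape character, so escaping the text alone does nothing,
        // and a non-backslash choice keeps the literal portable to MySQL.
        $pattern = '%' . strtr($search, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
        // Two distinct markers for the same value: PDO does not allow reusing one
        // named marker when emulated prepares are off.
        $stmt = $this->db->prepare(
            "SELECT * FROM articles WHERE titre LIKE :q1 ESCAPE '!' OR contenu LIKE :q2 ESCAPE '!' ORDER BY id DESC"
        );
        $stmt->execute([':q1' => $pattern, ':q2' => $pattern]);
        return $stmt->fetchAll();
    }

    /** Returns the article with this id, or null when there is none. */
    public function findById(int $id): ?array {
        $stmt = $this->db->prepare('SELECT * FROM articles WHERE id = :id');
        $stmt->execute([':id' => $id]);
        $row = $stmt->fetch();
        return $row === false ? null : $row;
    }

    /**
     * Inserts an article and returns its new id.
     *
     * @param array{titre: string, contenu: string, auteur?: string, publie?: int|bool} $d
     *        `auteur` falls back to "Anonyme" and `publie` to 0 when absent
     */
    public function create(array $d): int {
        $stmt = $this->db->prepare('INSERT INTO articles (titre, contenu, auteur, publie) VALUES (:t,:c,:a,:p)');
        $stmt->execute([
            ':t' => $d['titre'],
            ':c' => $d['contenu'],
            ':a' => $d['auteur'] ?? 'Anonyme',
            ':p' => (int) ($d['publie'] ?? 0),
        ]);
        return (int) $this->db->lastInsertId();
    }

    /**
     * Overwrites all editable columns of one article.
     *
     * @param array{titre: string, contenu: string, auteur?: string, publie?: int|bool} $d
     * @return bool true when a row was affected. NOTE: MySQL's rowCount() counts
     *              *changed* rows by default, so saving identical values there
     *              yields false even though the row exists.
     */
    public function update(int $id, array $d): bool {
        $stmt = $this->db->prepare('UPDATE articles SET titre=:t, contenu=:c, auteur=:a, publie=:p WHERE id=:id');
        $stmt->execute([
            ':t'  => $d['titre'],
            ':c'  => $d['contenu'],
            ':a'  => $d['auteur'] ?? 'Anonyme',
            ':p'  => (int) ($d['publie'] ?? 0),
            ':id' => $id,
        ]);
        return $stmt->rowCount() > 0;
    }

    /** Deletes one article; true only when a row was actually removed. */
    public function delete(int $id): bool {
        $stmt = $this->db->prepare('DELETE FROM articles WHERE id = :id');
        $stmt->execute([':id' => $id]);
        return $stmt->rowCount() > 0;
    }
}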

// Wire the repository to the connection opened above.
$repo = new ArticleRepo(db: $pdo);

// ── CSRF ───────────────────────────────────────────────────
// Issue a per-session CSRF token on first visit. empty() (rather than ??=) also
// replaces a blank token, which would otherwise satisfy hash_equals('', '').
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

// ── Actions POST ───────────────────────────────────────────
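// ── POST actions ───────────────────────────────────────────
// All mutations arrive as POST with the session's CSRF token, then redirect
// (POST/redirect/GET) so a browser refresh never replays them. The outcome is
// carried in the `flash` query parameter and escaped again on display.
$flash = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reads a POST field as a string. A field sent as an array (`titre[]=x`)
    // would make trim()/hash_equals() throw a TypeError, so it yields the default.
    $postString = static fn (string $name, string $default = ''): string =>
        is_string($_POST[$name] ?? null) ? $_POST[$name] : $default;

    if (!hash_equals($_SESSION['csrf'], $postString('csrf'))) {
        $flash = 'error:Requête invalide.';
    } else {
        $action = $postString('action');
        if ($action === 'create' || $action === 'update') {
            $titre   = trim($postString('titre'));
            $contenu = trim($postString('contenu'));
            $auteur  = trim($postString('auteur', 'Anonyme'));
            if ($auteur === '') {
                $auteur = 'Anonyme'; // a blank field gets the same fallback as the column default
            }
            $publie = isset($_POST['publie']) ? 1 : 0;
            // Limits are in characters (mb_strlen), as the messages and the form's
            // minlength/maxlength say; strlen() counts bytes and would accept "éé"
            // (4 bytes) as a 3-character title.
            if (mb_strlen($titre) < 3) {
                $flash = 'error:Titre trop court (min 3 cars).';
            } elseif (mb_strlen($titre) > 200) {
                $flash = 'error:Titre trop long (max 200 cars).';
            } elseif (mb_strlen($contenu) < 10) {
                $flash = 'error:Contenu trop court (min 10 cars).';
            } elseif (mb_strlen($auteur) > 100) {
                $flash = 'error:Auteur trop long (max 100 cars).';
            } elseif ($action === 'create') {
                $id = $repo->create(compact('titre', 'contenu', 'auteur', 'publie'));
                $flash = "success:Article #$id créé.";
            } else {
                $id = (int) $postString('id', '0');
                // Check existence explicitly rather than trusting update()'s
                // rowCount(), which MySQL reports as 0 for an unchanged row.
                if ($repo->findById($id) === null) {
                    $flash = "error:Article #$id introuvable.";
                } else {
                    $repo->update($id, compact('titre', 'contenu', 'auteur', 'publie'));
                    $flash = "success:Article #$id modifié.";
                }
            }
        } elseif ($action === 'delete') {
            $id = (int) $postString('id', '0');
            // delete() reports whether a row was removed; say so instead of
            // claiming success for an id that did not exist.
            $flash = $repo->delete($id)
                ? "success:Article #$id supprimé."
                : "error:Article #$id introuvable.";
        }
        // One token per accepted submission: rotating after every valid POST
        // (not only after successful writes) keeps a leaked token short-lived.
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    // SCRIPT_NAME is the script's own path; PHP_SELF would also include any
    // PATH_INFO the client appended to the URL.
    header('Location: ' . $_SERVER['SCRIPT_NAME'] . ($flash !== '' ? '?flash=' . urlencode($flash) : ''));
    exit;
}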

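// ── GET rendering state ────────────────────────────────────
// Query-string helper: anything that is not a plain string (e.g. `q[]=x`) is
// treated as absent so trim()/explode() never receive an array.
$getString = static fn (string $name, string $default = ''): string =>
    is_string($_GET[$name] ?? null) ? $_GET[$name] : $default;

// The flash text comes from the URL, so anyone can craft a link with one; it is
// only ever shown through htmlspecialchars() and its type is mapped to success/error.
$flash    = $getString('flash', $flash);
$editId   = (int) $getString('edit', '0');
$deleteId = (int) $getString('delete', '0');
$search   = trim($getString('q'));
$articles = $repo->findAll($search);
$editArticle = $editId > 0 ? $repo->findById($editId) : null;

// Pad the split so a flash without a ':' separator gives an empty message
// instead of an undefined-offset warning.
[$flashType, $flashMsg] = $flash !== '' ? explode(':', $flash, 2) + ['', ''] : ['', ''];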
?>
<!DOCTYPE html>
<html lang="fr">
<head>
  <meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>CRUD Blog PDO</title>
  <style>
    *{margin:0;padding:0;box-sizing:border-box}
    body{background:#0a0e1a;color:#e6edf3;font-family:'Segoe UI',sans-serif;padding:1.5rem 1rem}
    .container{max-width:900px;margin:0 auto}
    h1{font-size:1.5rem;font-weight:800;color:#48cae4;margin-bottom:.3rem}
    h2{font-size:1rem;font-weight:700;color:#8b949e;margin:0 0 .8rem}
    .layout{display:grid;grid-template-columns:1fr 340px;gap:1.5rem;align-items:start;margin-top:1.5rem}
    .panel{background:rgba(22,27,34,.8);border:1px solid rgba(255,255,255,.08);border-radius:12px;padding:1.2rem}
    input,textarea,select{width:100%;background:rgba(255,255,255,.04);border:1px solid rgba(255,255,255,.1);border-radius:6px;color:#e6edf3;padding:.5rem .8rem;font-size:.84rem;font-family:inherit;outline:none;margin-bottom:.7rem}
    input:focus,textarea:focus{border-color:rgba(72,202,228,.5)}
    label{display:block;font-size:.75rem;color:#8b949e;margin-bottom:.2rem;font-weight:600}
    .check-row{display:flex;align-items:center;gap:.5rem;margin-bottom:.7rem;font-size:.84rem;color:#8b949e}
    .btn{padding:.5rem 1rem;border:none;border-radius:6px;font-weight:700;font-size:.82rem;cursor:pointer;transition:opacity .2s}
    .btn:hover{opacity:.8}
    .btn-primary{background:#48cae4;color:#0d1117}
    .btn-danger{background:rgba(248,81,73,.15);color:#f85149;border:1px solid rgba(248,81,73,.3)}
    .btn-edit{background:rgba(240,196,25,.1);color:#f0c419;border:1px solid rgba(240,196,25,.2)}
    .article{background:rgba(22,27,34,.6);border:1px solid rgba(255,255,255,.06);border-radius:8px;padding:1rem;margin-bottom:.8rem}
    .article-title{font-weight:700;margin-bottom:.3rem}
    .article-meta{font-size:.75rem;color:#6e7681;margin-bottom:.5rem}
    .badge{display:inline-block;padding:.1rem .5rem;border-radius:4px;font-size:.7rem;font-weight:700}
    .badge-pub{background:rgba(63,185,80,.15);color:#3fb950}
    .badge-draft{background:rgba(139,148,158,.1);color:#8b949e}
    .article-actions{display:flex;gap:.5rem;margin-top:.5rem}
    .flash{border-radius:8px;padding:.7rem 1rem;margin-bottom:1rem;font-size:.85rem}
    .flash-success{background:rgba(63,185,80,.1);border:1px solid rgba(63,185,80,.3);color:#3fb950}
    .flash-error{background:rgba(248,81,73,.1);border:1px solid rgba(248,81,73,.3);color:#f85149}
    .search-row{display:flex;gap:.5rem;margin-bottom:1rem}
    .search-row input{margin:0;flex:1}
    .confirm-box{background:rgba(248,81,73,.08);border:1px solid rgba(248,81,73,.3);border-radius:8px;padding:.8rem;margin-bottom:.8rem;font-size:.85rem;color:#ffa198}
  </style>
</head>
<body>
<!-- This template only renders on GET: every POST above ends in a redirect. All
     DB text goes through htmlspecialchars(); only integer ids are echoed raw. -->
<div class="container">
  <h1>📰 CRUD Blog — PDO Demo</h1>
  <p style="color:#6e7681;font-size:.82rem">SQLite persistant · <?= count($articles) ?> article(s)</p>

  <!-- Flash comes from the URL (?flash=type:message): the type picks the CSS class
       (anything but 'success' renders as an error) and the message is escaped. -->
  <?php if ($flashMsg): ?>
    <div class="flash flash-<?= $flashType === 'success' ? 'success' : 'error' ?>">
      <?= $flashType === 'success' ? '✅' : '❌' ?> <?= htmlspecialchars($flashMsg) ?>
    </div>
  <?php endif; ?>

  <div class="layout">
    <!-- ── Article list ── -->
    <div>
      <div class="search-row">
        <form method="GET" style="display:contents">
          <input type="text" name="q" placeholder="Rechercher..." value="<?= htmlspecialchars($search) ?>">
          <button type="submit" class="btn btn-primary">🔍</button>
          <?php if ($search): ?><a href="?" class="btn" style="background:rgba(255,255,255,.05);color:#8b949e">✕</a><?php endif; ?>
        </form>
      </div>

      <!-- Deletion is two-step: the ?delete= link only opens this confirmation;
           the actual delete is a POST carrying the CSRF token. -->
      <?php if ($deleteId): ?>
        <div class="confirm-box">
          ⚠️ Confirmer la suppression de l'article #<?= $deleteId ?> ?
          <form method="POST" style="display:inline;margin-left:.8rem">
            <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES) ?>">
            <input type="hidden" name="action" value="delete">
            <input type="hidden" name="id" value="<?= $deleteId ?>">
            <button type="submit" class="btn btn-danger">Supprimer</button>
          </form>
          <a href="?" class="btn" style="background:rgba(255,255,255,.05);color:#8b949e;margin-left:.3rem">Annuler</a>
        </div>
      <?php endif; ?>

      <?php if (empty($articles)): ?>
        <p style="color:#6e7681;font-size:.88rem">Aucun article trouvé.</p>
      <?php else: ?>
        <!-- $a['id'] is the INTEGER PRIMARY KEY, hence echoed without escaping; every
             text column is escaped. The body preview is cut by characters (mb_substr). -->
        <?php foreach ($articles as $a): ?>
          <div class="article">
            <div class="article-title"><?= htmlspecialchars($a['titre']) ?></div>
            <div class="article-meta">
              <?= htmlspecialchars($a['auteur']) ?> · <?= htmlspecialchars($a['created_at']) ?>
              <span class="badge <?= $a['publie'] ? 'badge-pub' : 'badge-draft' ?>">
                <?= $a['publie'] ? 'publié' : 'brouillon' ?>
              </span>
            </div>
            <div style="color:#8b949e;font-size:.82rem"><?= htmlspecialchars(mb_substr($a['contenu'], 0, 80)) ?>…</div>
            <div class="article-actions">
              <a href="?edit=<?= $a['id'] ?>" class="btn btn-edit">✏️ Modifier</a>
              <a href="?delete=<?= $a['id'] ?>" class="btn btn-danger">🗑️ Supprimer</a>
            </div>
          </div>
        <?php endforeach; ?>
      <?php endif; ?>
    </div>

    <!-- ── Form: creates an article, or edits the one resolved from ?edit= ── -->
    <div class="panel">
      <h2><?= $editArticle ? '✏️ Modifier l\'article' : '➕ Nouvel article' ?></h2>
      <form method="POST">
        <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES) ?>">
        <input type="hidden" name="action" value="<?= $editArticle ? 'update' : 'create' ?>">
        <?php if ($editArticle): ?>
          <input type="hidden" name="id" value="<?= $editArticle['id'] ?>">
        <?php endif; ?>

        <!-- The $_POST fallbacks in the value attributes below never fire: a POST
             always redirects before reaching this template, so $_POST is empty here. -->
        <label>Titre *</label>
        <input type="text" name="titre" required minlength="3" maxlength="200"
               value="<?= htmlspecialchars($editArticle['titre'] ?? $_POST['titre'] ?? '') ?>">

        <label>Contenu *</label>
        <textarea name="contenu" rows="6" required minlength="10"><?= htmlspecialchars($editArticle['contenu'] ?? $_POST['contenu'] ?? '') ?></textarea>

        <label>Auteur</label>
        <input type="text" name="auteur" maxlength="100"
               value="<?= htmlspecialchars($editArticle['auteur'] ?? $_POST['auteur'] ?? 'Anonyme') ?>">

        <div class="check-row">
          <input type="checkbox" id="publie" name="publie" style="width:auto;margin:0"
                 <?= ($editArticle['publie'] ?? 0) ? 'checked' : '' ?>>
          <label for="publie" style="margin:0;cursor:pointer">Publier</label>
        </div>

        <button type="submit" class="btn btn-primary" style="width:100%">
          <?= $editArticle ? 'Enregistrer les modifications' : 'Créer l\'article' ?>
        </button>
        <?php if ($editArticle): ?>
          <a href="?" style="display:block;text-align:center;margin-top:.5rem;font-size:.82rem;color:#6e7681">Annuler</a>
        <?php endif; ?>
      </form>
    </div>
  </div>
</div>
</body>
</html>
